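{
  description = "A DNS server for the ACME DNS-01 challenge written in dependency-free nim";

  # No ref or rev is given, so this resolves to the repository's default
  # branch; the revision that is actually built is the one recorded in
  # flake.lock. Quoted because bare URL literals are deprecated in Nix.
  inputs.nixpkgs.url = "github:NixOS/nixpkgs";

  outputs = { self, nixpkgs }:
    let
      # System types to support.
      supportedSystems = [ "x86_64-linux" "aarch64-darwin" ];

      # Helper function to generate an attrset '{ x86_64-linux = f "x86_64-linux"; ... }'.
      forAllSystems = nixpkgs.lib.genAttrs supportedSystems;

      # Nixpkgs instantiated for supported system types.
      nixpkgsFor = forAllSystems (system: import nixpkgs { inherit system; });
    in
    {
      # One `default` package per supported system, built from this flake's
      # own source tree.
      packages = forAllSystems (system:
        let
          pkgs = nixpkgsFor.${system};
        in
        {
          default = pkgs.nimPackages.buildNimPackage {
            name = "norbert";
            src = self;
          };
        });

      # NixOS module: declares `mawalu.services.norbert.*` and, when enabled,
      # a systemd unit that runs norbert against a generated INI config file.
      nixosModules.default = { config, lib, pkgs, ... }:
        with lib;
        let
          cfg = config.mawalu.services.norbert;
        in
        {
          options.mawalu.services.norbert = {
            # mkEnableOption already prepends "Whether to enable ", so the
            # argument is only the thing being enabled.
            enable = mkEnableOption "the norbert DNS server";

            # Rendered verbatim as the global (section-less) keys of the INI file.
            config = {
              baseDomain = mkOption {
                type = types.str;
                description = "Base domain.";
              };

              dnsPort = mkOption {
                type = types.port;
                description = "DNS server port";
                default = 15353;
              };

              apiPort = mkOption {
                type = types.port;
                description = "API port";
                default = 18000;
              };
            };

            # Each attribute name becomes an INI section with a `password` key.
            users = mkOption {
              default = { };
              type = types.attrsOf (types.submodule {
                options = {
                  # Required: there is deliberately no default. `null` is not a
                  # valid `types.str` value, and a user section without a
                  # password has no meaning in the generated file.
                  password = mkOption {
                    type = types.str;
                    description = ''
                      API password for the user. The value is written in plain
                      text into the generated config file, which is stored in
                      the world-readable Nix store.
                    '';
                  };
                };
              });
              example = literalExpression ''
                {
                  "exampleuser" = {
                    password = "insecure";
                  };
                }
              '';
            };
          };

          config = mkIf cfg.enable {
            systemd.services.norbert = {
              wantedBy = [ "multi-user.target" ];
              serviceConfig =
                let
                  # Only the systems listed in supportedSystems have a package
                  # attribute; evaluation fails on any other host platform.
                  pkg = self.packages.${pkgs.stdenv.hostPlatform.system}.default;

                  # NOTE(security): pkgs.writeText puts this file in /nix/store,
                  # which every local user can read, and it contains all API
                  # passwords from cfg.users. Keeping them out of the store
                  # would need norbert to read secrets from a separate file at
                  # runtime -- TODO confirm whether it supports that.
                  configFile = pkgs.writeText "config"
                    (generators.toINIWithGlobalSection { } {
                      globalSection = cfg.config;
                      sections = cfg.users;
                    });
                in
                {
                  Restart = "on-failure";
                  ExecStart = "${pkg}/bin/norbert ${configFile}";
                  DynamicUser = "yes";
                  # Lets the unprivileged dynamic user bind ports below 1024
                  # (e.g. 53). The default ports above do not require it.
                  AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];
                  # Least privilege: the service can never hold any capability
                  # other than the one it is granted above.
                  CapabilityBoundingSet = [ "CAP_NET_BIND_SERVICE" ];
                };
            };
          };
        };
    };
}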